New versions of Ruby on Rails have been released, and the version you are running should be updated as soon as possible to prevent malicious users from exploiting one or more of the known vulnerabilities that are fixed in these releases.

Information from the Rails team:

Hi everyone!

Rails versions 3.2.13, 3.1.12, and 2.3.18 have been released. These releases contain important security fixes. It is recommended users upgrade as soon as possible.

Most users tend to run Ruby on Rails 3.2 these days, but some still run Rails 3.0 or 2.3. Those who cannot update their application to run Rails 3.2 and need to run Rails 3.0 or 2.3 are strongly advised to update their Rails to 3.0.20 or 2.3.16.

To quote the authors of Rails: “I’d like to announce that 3.0.20, and 2.3.16 have been released. These releases contain one extremely critical security fix so please update IMMEDIATELY.”

“Impact: The JSON Parsing code in Rails 2.3 and 3.0 support multiple parsing backends. One of the backends involves transforming the JSON into YAML, and passing that through the YAML parser. Using a specially crafted payload attackers can trick the backend into decoding a subset of YAML.”
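One way to check an application's `Gemfile.lock` against the fixed releases named above (an added example, not code from the Rails team or the original post). The constant and method names and the sample lockfile are constructed, and treating 2.3.18 as the minimum for the 2.3 series is an assumption, since the page names both 2.3.16 and 2.3.18.

```ruby
require "rubygems" # provides Gem::Version for correct version comparison

# Minimum patched release per Rails series, taken from the announcements quoted
# on this page. Assumption: for 2.3 the later of the two named releases is used.
FIXED = {
  "3.2" => "3.2.13",
  "3.1" => "3.1.12",
  "3.0" => "3.0.20",
  "2.3" => "2.3.18",
}.freeze

# Gems whose version tracks the Rails release; the JSON parsing code described
# in the quoted impact statement lives in activesupport.
RAILS_GEMS = %w[rails activesupport].freeze

# Classify one version string against the table above.
def status_for(version)
  v = Gem::Version.new(version)
  series = v.segments.first(2).join(".")
  fixed = FIXED[series]
  return :series_not_listed unless fixed
  v >= Gem::Version.new(fixed) ? :patched : :needs_update
end

# Returns one hash per Rails gem resolved in the lockfile text.
def audit_lockfile(text)
  text.each_line.filter_map do |line|
    # Resolved specs are indented exactly four spaces: "    rails (3.0.19)".
    # Dependency lines (six spaces, "(= 3.0.19)") are deliberately not matched.
    m = line.match(/\A {4}([A-Za-z0-9_-]+) \(([^)\s]+)\)\s*\z/) or next
    name, version = m[1], m[2]
    next unless RAILS_GEMS.include?(name) && Gem::Version.correct?(version)
    { gem: name, version: version, status: status_for(version) }
  end
end

# Constructed sample lockfile for demonstration only.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      activesupport (3.0.19)
      rails (3.0.19)
        activesupport (= 3.0.19)
LOCK

if __FILE__ == $0
  audit_lockfile(SAMPLE_LOCK).each { |r| puts "#{r[:gem]} #{r[:version]}: #{r[:status]}" }
end
```

To audit a real application, pass `File.read("Gemfile.lock")` to `audit_lockfile` instead of the sample.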